
Trust Services Criteria Compliance Checker ♪
Assess your SOC 2 readiness with our kawaii Trust Services Criteria checker! ✧ Evaluate all five criteria to prepare for your Type I or Type II audit. Good luck!
SOC 2 (Service Organization Control 2) is an AICPA framework evaluating how service organizations manage customer data based on five Trust Services Criteria. It's essential for SaaS, cloud providers, and any organization handling customer data.
Type I: Design of controls at a point in time
Type II: Design and operating effectiveness of controls over a 6-12 month period
Security • Protection against unauthorized access
Do you have documented security policies reviewed at least annually?
Is there a formal risk assessment process conducted at least annually?
Do you have logical access controls with role-based permissions?
Is multi-factor authentication (MFA) required for system access?
Do you perform background checks on employees before granting access?
Is there a documented incident response plan that's tested regularly?
Are vulnerability scans and penetration tests conducted at least annually?
Availability • System availability for operation and use
Do you have documented SLAs with uptime commitments?
Is there a disaster recovery plan with defined RTOs and RPOs?
Do you have redundancy and failover mechanisms for critical systems?
Is system capacity monitored with alerts for threshold breaches?
Processing Integrity • Complete, accurate, timely, authorized processing
Are data input validation controls implemented to ensure accuracy?
Are error handling and correction procedures documented?
Are processing outputs reviewed for completeness and accuracy?
Confidentiality • Protection of confidential information
Is confidential information identified and classified?
Is confidential data encrypted at rest and in transit?
Are there procedures for secure disposal of confidential information?
Do NDAs/confidentiality agreements cover employees and third parties?
Privacy • Collection, use, retention, and disclosure of personal information
Do you have a published privacy notice explaining data practices?
Do you obtain consent before collecting personal information?
Can data subjects access, correct, and delete their personal data?
Is personal data only used for disclosed purposes?
Common Controls • Organizational governance and operations
Is there a formal change management process for system changes?
Do you assess and monitor third-party/vendor risks?
Do all employees receive security awareness training at least annually?
Our team helps SaaS companies and service providers achieve SOC 2 Type I and Type II certification. From readiness assessment to audit support, we guide you through the entire process!
SOC 2 (Service Organization Control 2) is an auditing framework developed by the AICPA that evaluates how organizations manage customer data. It's based on five Trust Services Criteria: Security (required), Availability, Processing Integrity, Confidentiality, and Privacy.
SOC 2 is essential for SaaS companies, cloud service providers, data centers, MSPs, and any organization handling customer data. Enterprise customers increasingly require SOC 2 Type II reports from vendors.